We previously had at least three different implementations for resolving
executables in the PATH, all of which had slightly different
characteristics.
Merge those into a single implementation to keep the behaviour
consistent, and maybe to make that implementation more configurable in
the future.
Most changes are around user and group management, which are exposed in
the Android NDK differently than other Unices.
We require version 30 for memfd_create, version 28 for posix_spawn, and
so on. It's possible a shim for memfd_create could be used, but since
Google is mandating new apps use API level 30 as of Nov 2022, this seems
suitable.
These convenience templates allow the following to be written as before:
```
TRY(Core::System::pledge("promises..."));
TRY(Core::System::pledge("promises...", "execpromises..."));
TRY(Core::System::unveil("path", "permissions"));
TRY(Core::System::unveil(nullptr, nullptr));
```
Other uses must now append sv to any literal string passed to pledge and
unveil.
This is a single function, which behaves like the various LibC exec()
functions depending on the passed parameters. No direct equivalent is
made for execl() - you have to wrap your arguments in a Span of some
kind.
On Serenity, this calls the syscall directly, whereas Lagom forwards to
the appropriate LibC function.
In a few places we intentionally drop privileges to reduce the potential
security surface area of networked programs, with the pattern of:
```
if (setgid(getgid()) || setuid(getuid())) {
    return 1;
}
```
We can make this a bit nicer to use by creating a wrapper.
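As an added example (not code from the commit or from LibCore), the following C sketch shows the same pattern with verification that the drop is permanent. The helper name `drop_privileges_permanently` is hypothetical, and supplementary groups are left untouched, as in the pattern above.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not the LibCore wrapper).
 * Returns 0 if the process ends up with only its real UID/GID, -1 otherwise. */
int drop_privileges_permanently(void)
{
    const uid_t ruid = getuid(), old_euid = geteuid();
    const gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the effective UID is unprivileged, the process
     * may no longer be allowed to give up an elevated GID. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* The effective IDs must now equal the real IDs. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If we were elevated, the old IDs must not be recoverable through a
     * leftover saved ID. A real UID of root can always change IDs, so the
     * check only makes sense for a non-root real UID. */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)geteuid(), (long)getegid());
    return 0;
}
```

A caller that gets -1 should exit immediately, as the original pattern does with `return 1`, rather than continue in an unknown privilege state.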
I also added a common interface with StringView-compatible parameters:
```
int serenity_setenv(const char*, ssize_t, const char*, ssize_t, int)
```
This function is called by both the C and C++ APIs for setenv().
This wrapper is particularly helpful as we use a combination of similar
syscalls on Linux to simulate the behavior of the Serenity-exclusive
anon_create syscall. Users therefore won't have to worry about the
platform anymore :^)
This modifies sys$chown to allow specifying whether or not to follow
symlinks and in which directory.
This was then used to implement lchown and fchownat in LibC and LibCore.
This patch returns an empty Optional<...> instead of an Error for
Core::System::getgrname and Core::System::getpwnam if we can't find a
matching group or user entry.
It also updates the 'chown' utility to support this new behavior.
These are all pretty simple so I thought I would add them all in one go:
- socket()
- bind()
- listen()
- accept()
- accept4()
- connect()
- shutdown()
- send()
- sendmsg()
- sendto()
- recv()
- recvmsg()
- recvfrom()
- getsockopt()
- setsockopt()
- getsockname()
- getpeername()
- socketpair()